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Title: AUTHORIZATION INFRASTRUCTURE BASED ON PUBLIC KEY CRYPTOGRAPHY 

IN THE CLAIMS 

Please amend claims 4, 7, and 19 as follows: 

7 ' " 

1. (Original) A public key authorization infrastructure comprising: 
a client program accessible by a user; 

an application program; 

a certificate authority issuing a long-term public key identity certificate (long-term 
certificate) that binds a public key of the user to long-term identification information related 
to the user; 

a directory for storing short-term authorization information related to the user; and 

a credentials server for issuing a short-term public key credential certificate (short- 
term certificate) to the client, the short-term certificate binds the public key of the user to the 
long-term identification information related to the user from the long term certificate and to 
the short-term authorization information related to the user from the directory, wherein the 
client program presents the short-term certificate to the application program for authorization 
and demonstrates that the user has knowledge of a private key corresponding to the public 
key in the short-term certificate. 

2. (Original) The public key authorization infrastructure of claim 1 wherein the short- 
term certificate includes an expiration date/time. 

3. (Original) The public key authorization infrastructure of claim 2 wherein a validity 
period from when the credentials server issues the short-term certificate to the expiration 
date/time is sufficiently short such that the short-term certificate does not need to be subject 
to revocation. 
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4. (Currently Amended) The public key authorization infrastructure of claim 2 further 
comprising: 

includes a certificate revocation list (CRL), wherein the expiration date/time of the 
short-term certificate is no later than a date/time at which a next CRL is scheduled. 

5. (Original) The public key authorization infrastructure of claim 2 wherein the short- 
term certificate is not subject to revocation. 

6. (Original) The public key authorization infrastructure of claim 1 wherein the short- 
term certificate is a non-structured short-term certificate. 

7. (Currently Amended) The public key authorization infrastructure of claim 1 further 
comprising: 

a second application program; and 

wherein the short-term certificate is a structured short-term certificate including: 

a first folder corresponding to the first named application program and 
containing long-term information and short-term information as required by the first 
named application program; 

a second folder corresponding to the second application program and 
containing long-term information and short-term information as required by the 
second application; and 

wherein the first folder is open and the second folder is closed when the client 
presents the short-term certificate to the first named application program for 
authorization, wherein closing the second folder makes its contents not readable by 
the first named application programi-and. 

wherein tho first folder is closed and the second folder is open when th e client 
presents the short term certificat e to th e second application program for authorization. 
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whoroin closing tho first foldor malccs its contGnts not roadablo by the second 
application program. 

8. (Original) The public key authorization infrastructure of claim 1 wherein the short- 
term certificate is an X.509v3 certificate. 

9. (Original) The public key authorization infrastructure of claim 7 wherein the first 
folder and the second folder are implemented as extension fields of an X.509v3 certificate. 

10. (Original) The public key authorization infrastructure of claim 1 wherein the 
directory further stores the issued long-term certificate. 

1 1 . (Original) The public key authorization infrastructure of claim 1 wherein the private 
key is stored in a smartcard accessible by the client program. 

12. (Original) The public key authorization infrastructure of claim 1 wherein the private 
key is stored in a secure software wallet accessible by the client program. 

13. (Original) A method of authorizing a user, the method comprising the steps of: 
issuing a long-term public key identity certificate (long-term certificate) that binds a 

public key of the user to long-term identification information related to the user; 
storing short-term authorization information related to the user; 

issuing a short-term public key credential certificate (short-term certificate) that binds 
the public key of the user to the long-term identification information related to the user 
contained in the long-term certificate and to the short-term authorization information related 
to the user; and 
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presenting the short-term certificate on behalf of the user to an application program 
for authorization and demonstrating that the user has knowledge of a private key 
corresponding to the public key in the short-term certificate. 

14. (Original) The method of claim 13 wherein the short-term certificate includes an 
expiration date/time. 

15. (Original) The method of claim 14 wherein a validity period from when the short- 
term certificate is issued to the expiration date/time is sufficiently short such that the short- 
term certificate does not need to be subject to revocation. 

16. (Original) The method of claim 14 further comprising the step of: 

maintaining a certificate revocation list (CRL), wherein the expiration date/time of the 
short-term certificate is no later than a time at which the next CRL is scheduled. 

17. (Original) The method of claim 14 wherein the short-term certificate is not subject to 
revocation. 

18. (Original) The method of claim 13 wherein the short-term certificate is a non- 
structured short-term certificate. 

19. (Currently Amended) The method of claim 13 wherein the short-term certificate is a 
structured short-term certificate including a first folder corresponding to the first named 
application program and containing long-term information and short-term information as 
required by the first named application program, and including a second folder corresponding 
to a second application program and containing long-term information and short-term 
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information as required by the second application, wherein the method further comprises-the 
st e ps of : 

closing the second folder and leaving the first folder open prior to the 
presenting step if the presenting step presents the short-term certificate to the first 
named application program for authorization, wherein closing the second folder 
makes its contents not readable by the first named application programt-aftd 

closing the first folder and l e aving the s e cond folder open prior to the 

presenting step if the presenting stop presents the short term certificate to the second 
application program for authorization, wher e in closing the first folder molces its 
cont e nts not readabl e by the s e cond application program . 

20. (Original) The method of claim 13 wherein the short-term certificate is an X.509v3 
certificate. 




21. (Original) The method of claim 19 wherein the first folder and the second folder are 



implemented as extension fields of an X.509v3 certificate. 

22. (Original) The method of claim 13 wherein the method further comprises the step of: 
storing the issued long-term certificate in a directory. 

23. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a smartcard. 

24. (Original) The method of claim 13 further comprising the step of; 
storing the private key in a secure software wallet. 
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